Inherent risks cover several distinct areas
In Hawaii, directors and audit committee members have many responsibilities, including oversight of their company's financial reporting.
However, they may oversimplify the financial statement risks at their companies by limiting their analysis to matters required to be discussed by their external auditors. These matters usually include the adequacy of critical accounting estimates, such as revenue recognition and allowances for doubtful accounts, proposed audit adjustments or lack thereof, and internal control deficiencies identified in current and prior years.
As we continue our discussion of additional risks inherent in most companies, we will discuss economic, fraud and governance risks.
» Economic risk: Assessing how a company addresses economic risk begins with looking at the income statement to see if the end result is net income versus net loss, and whether the company was able to achieve budgeted results.
But it also requires going deeper and looking forward. For example, at a bank, you should understand the bank's sensitivity to interest-rate fluctuations and its planned responses to changes in the rate environment. Does management appear to plan courses of action and execute the appropriate plan as rates change?
Also, it helps to look to earnings quality rather than just quantity. Is your company making money from its core business, or were budgeted results achieved due to the positive results of changes in accounting principles or late-quarter investment sales or other means?
» Fraud risk: Unusual and frequent complex transactions can increase fraud risk, and risk increases further when an entity enters into complex accounting transactions with related parties.
Material accounts based on subjective judgments or estimates are another surefire way to increase risk. Audit committees need to understand who uses their financial statements externally and what their expectations are to properly evaluate the risks, as pressure to meet expectations (from analysts or others) may lead to riskier behavior.
In addition, the possibility of sale of the company in the near future increases risks because of new incentives and pressures for the company to look good to the buyer. In these situations, management may take actions to cover up any blemishes the company may have.
» Governance risk: Board oversight, the tone at the top and independence from management are three key factors in mitigating governance risk.
Timeliness and sufficiency of information provided by management should also be taken into account. Some questions to ask when attending meetings include:
* When do you receive the agenda and supporting information?
* Is it provided a week ahead of committee meetings so you can understand and prepare, or does management distribute it at the meeting and run through the information quickly?
* Are you given ample time to provide input and ask questions?
Some things to look for in an audit committee include:
* Extent of the committee's oversight of internal audit. Who determines compensation and bonuses?
* Attendance (face-to-face, telephonically). Face-to-face is always better.
* Member participation level. Low participation from one or more members increases the governance risk profile.
* Linking of other committee activity to financial statement risks. When committee members attend other committee meetings, they should step back and think about how these affect the company's financial statements.
Craig Yamasaki is an audit manager for Grant Thornton LLP in Honolulu. He can be reached at email@example.com